Post Archive by Day

Additionally, the office only found out as part of the House Benghazi Committee’s investigation, which began in mid-2014. This is according to an unnamed person “familiar with the matter.”

According to the Associated Press, “The person said Clinton’s exclusive reliance on personal email as the nation’s top diplomat was inconsistent with the guidance given to [departments] that official business should be conducted on official email accounts.” Once it became clear she wasn’t following proper practices, the counsel’s office asked the State Department to ensure her work-related emails were properly archived. But this person does not specify when that happened exactly. (The Associated Press, 3/5/2015)

RNC [Republican National Committee] Chief Counsel John Phillippe writes in a letter, “I urge you to launch immediately an investigation into Secretary Clinton’s use of a personal email address and the Department of State’s policies regarding such use.” (McClatchy Newspapers, 3/5/2015)

Linick will initiate an investigation along those lines by the next month, if not sooner.

BlackBerrys from Clinton’s time as secretary of state can be used for instant messages as well as emails. Bloomberg reports that Clinton’s “top aides frequently used instant text messages to talk with each other, a form of communication that isn’t captured or archived by the State Department. It is not clear whether Clinton herself used her BlackBerry’s instant message service, as her aides did.” (Bloomberg News, 3/5/2015)

Politico reports, “State Department officials and Clinton aides have offered no response to questions in recent days about how her private email system was set up, what security measures it used, and whether anyone at the agency approved the arrangement. It’s unclear how such a system, run off an Internet domain apparently purchased by the Clinton family, could have won approval if the department’s policies were as the [State Department’s] inspector general’s report describes them.” (Politico, 3/3/2015)

According to State Department regulations in effect at the time, the use of a home computer was permitted, but only if the computer was officially certified as secure, and no evidence has emerged that Clinton’s server was given such a certification. Additionally, the department’s Foreign Affairs Manual (FAM) states, “Only Department-issued or approved systems are authorized to connect to Department enterprise networks.” (US Department of State)

An April 2016 article will indicate that many of the same questions still remain unanswered. (The Hill, 3/4/2016)

An aide to former Transportation Secretary Ray LaHood says that LaHood had a BlackBerry with both personal and government email accounts on it. This is news because LaHood held that job through President Obama’s first term, the same time Clinton was secretary of state, and Clinton recently claimed she only had one email address because she only wanted to carry one BlackBerry.

BuzzFeed will add that LaHood’s experience “was similar to that of other senior administration officials, officials and staff said. And it was also the way most people who worked in the administration from the early days of President Obama’s term understood things to work when it came to email…” (BuzzFeed, 3/5/2015)

Several days later, Emily Miller, a State Department official under Clinton, similarly comments, “When I worked at State, we had both unclassified State email and personal email on the same BlackBerry.” (Twitter, 3/10/2015)

A screenshot of the sslvpn.clintonemail.com log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that Clinton’s private email server is still active and shows signs of poor security. If one goes to the web address clintonemail.com, one gets a blank page. But if one goes to the subdomain sslvpn.clintonemail.com, a log-in page appears. That means anyone in the world who puts in the correct user name and password could log in.

Furthermore, the server has an invalid SSL certificate. That means the encryption is not confirmed by a trusted third party. Gawker notes, “The government typically uses military-grade certificates and encryption schemes for its internal communications that designed with spying from foreign intelligence agencies in mind,” and Clinton’s server clearly is not up to that standard.

It also opens the server to what is called a “man in the middle” hacker attack, which means someone could copy the security certificate being used and thus scoop up all the data without leaving a trace. The invalid certificate also leaves the server vulnerable to widespread Internet bugs that can let hackers copy the entire contents of a servers’ memory.

As a result, independent security expert Nic Cubrilovic concludes, “It is almost certain that at least some of the emails hosted at clintonemails.com were intercepted.” (Gawker, 3/5/2015)

A screenshot of the mail.clintonemail.com Outlook log-in on March 4, 2015. (Credit: Gawker)

Gawker reports that in addition to the security problems shown by the subdomain to Clinton’s private email server sslvpn.clintonemail.com, there is another subdomain that reveals even more security issues. If one goes to various web addresses of the server’s mail host mail.clintonemail.com, one is presented with a log-in for Microsoft Outlook webmail.

Gawker notes that the “mere existence” of this log-in “is troubling enough: there have been five separate security vulnerabilities identified with Outlook Web Access since clintonemail.com was registered in 2009.”

Furthermore, security expert Robert Hansen says having a public log-in page for a private server is “pretty much the worst thing you can do. […] Even if [Clinton] had a particularly strong password,” simply trying a huge number of passwords will “either work eventually – foreign militaries are very good at trying a lot – or it’ll fail and block her from accessing her own email.” He says that the server shows so many vulnerabilities that “any joe hacker” could break in with enough time and effort.

Independent security expert Nic Cubrilovic says, “With your own email hosting you’re almost certainly going to be vulnerable to Chinese government style spearphishing attacks – which government departments have enough trouble stopping – but the task would be near impossible for an IT [information technology] naive self-hosted setup.” (Gawker, 3/5/2015)